A Novel Anomaly Detection Scheme Based on Principal Component Classifier

This paper proposes a novel scheme that uses a robust principal component classifier in intrusion detection problems where the training data may be unsupervised. Assuming that anomalies can be treated as outliers, an intrusion predictive model is constructed from the major and minor principal componen...

Bibliographic details
Main authors: Shyu, Mei-Ling, Chen, Shu-Ching, Sarinnapakorn, Kanoksri, Chang, LiWu
Format: Report
Language: eng
Subjects:
Online access: Order full text
creator Shyu, Mei-Ling
Chen, Shu-Ching
Sarinnapakorn, Kanoksri
Chang, LiWu
description This paper proposes a novel scheme that uses a robust principal component classifier in intrusion detection problems where the training data may be unsupervised. Assuming that anomalies can be treated as outliers, an intrusion predictive model is constructed from the major and minor principal components of the normal instances. A measure of the difference of an anomaly from the normal instance is the distance in the principal component space. The distance based on the major components that account for 50% of the total variation and the minor components whose eigenvalues are less than 0.20 is shown to work well. The experiments with KDD Cup 1999 data demonstrate that the proposed method achieves 98.94% in recall and 97.89% in precision with a false alarm rate of 0.92% and outperforms the nearest neighbor method, density-based local outliers (LOF) approach, and the outlier detection algorithm based on Canberra metric. Prepared in collaboration with School of Computer Science, Florida International University, Miami, FL. Presented at Foundations and New Directions in Data Mining Workshop, IEEE International Conference on Data Mining (3rd), ICDM'03, held in Melbourne, FL on 19-22 Dec 2003 and published in proceedings of the same. The original document contains color images.
format Report
creatorcontrib MIAMI UNIV CORAL GABLES FL DEPT OF ELECTRICAL AND COMPUTER ENGINEERING
creationdate 2003
date 2003-01
rights Approved for public release; distribution is unlimited.
sourcetype Open Access Repository
linktorsrc https://apps.dtic.mil/sti/citations/ADA465712
language eng
recordid cdi_dtic_stinet_ADA465712
source DTIC Technical Reports
subjects ANOMALIES
Computer Systems Management and Standards
DATA PROCESSING SECURITY
FALSE ALARMS
INTRUSION DETECTION
INTRUSION PREDICTIVE MODEL
MULTIVARIATE ANALYSIS
OUTLIER DETECTION
PCA(PRINCIPAL COMPONENT ANALYSIS)
Statistics and Probability
SYMPOSIA
title A Novel Anomaly Detection Scheme Based on Principal Component Classifier
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-15T18%3A41%3A54IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-dtic_1RU&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=unknown&rft.btitle=A%20Novel%20Anomaly%20Detection%20Scheme%20Based%20on%20Principal%20Component%20Classifier&rft.au=Shyu,%20Mei-Ling&rft.aucorp=MIAMI%20UNIV%20CORAL%20GABLES%20FL%20DEPT%20OF%20ELECTRICAL%20AND%20COMPUTER%20ENGINEERING&rft.date=2003-01&rft_id=info:doi/&rft_dat=%3Cdtic_1RU%3EADA465712%3C/dtic_1RU%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true